The agility and power of virtualization and cloud packages such as VMware ESXi have brought new capabilities in terms of automation, time to market and general flexibility to IT organizations around the world. However, the same factors that have contributed to the tremendous success of virtualization and cloud also mean that the hypervisor is a prime target for hackers and a prime candidate for enhanced security.
Of course, the outsider isn’t your only concern, you need to worry about insiders as well. With the coming of new technologies such as NSX, you need to consider how to keep virtual administrators in their appropriate “swim lanes”. Role and asset-based access control help you define who can do what to which objects, with workflows supporting secondary approval for sensitive or high impact operations in addition to integration with Active Directory to help ensure a seamless deployment.
Generally speaking comprehensive logging is useful, particularly when trying to troubleshoot. In cases where you have to do forensic cleanup after a breach, comprehensive logs are indispensable. Furthermore, most regulations like HIPAA, PCI-DSS and the like require certain information like unique userids, source IP addresses, before and after states of reconfigured resources as well as record of failed or denied operations. We capture all of these and more, helping with compliance, forensics and troubleshooting.
HyTrust CloudControl can assess VMware vSphere hosts to identify configuration errors using pre-built assessment frameworks, such as PCI DSS, C.I.S. Benchmark, VMware Best Practices, or even custom user-defined templates. The solution actively eliminates configuration problems quickly and easily via active remediation. It also allows proactive monitoring of hosts, eliminates configuration drift, and ensures ongoing compliance according to a defined standard, all without manual effort or scripts.